Vulnerabilities (CVE)

Filtered by CWE-427
Total 755 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-51711 1 Regify 1 Regipay 2024-02-28 N/A 7.8 HIGH
An issue was discovered in Regify Regipay Client for Windows version 4.5.1.0. It allows DLL hijacking: a user can trigger the execution of arbitrary code every time the product is executed.
CVE-2023-28740 2 Intel, Microsoft 4 Quickassist Technology, Quickassist Technology Firmware, Quickassist Technology Library and 1 more 2024-02-28 N/A 7.8 HIGH
Uncontrolled search path element in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-33874 1 Intel 7 Hid Event Filter Driver, Nuc 12 Pro Board Nuc12wsbv5, Nuc 12 Pro Board Nuc12wsbv7 and 4 more 2024-02-28 N/A 7.3 HIGH
Uncontrolled search path in some Intel(R) NUC 12 Pro Kits & Mini PCs - NUC12WS Intel(R) HID Event Filter Driver installation software before version 2.2.2.1 for Windows may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-41117 1 Enterprisedb 1 Postgres Advanced Server 2024-02-28 N/A 9.8 CRITICAL
An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It contains packages, standalone packages, and functions that run SECURITY DEFINER but are inadequately secured against search_path attacks.
CVE-2023-47452 1 Notepad-plus-plus 1 Notepad++ 2024-02-28 N/A 7.8 HIGH
An untrusted search path vulnerability in Notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory.
CVE-2023-6338 1 Lenovo 1 Universal Device Client 2024-02-28 N/A 7.8 HIGH
Uncontrolled search path vulnerabilities were reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
CVE-2023-29069 1 Autodesk 1 Desktop Connector 2024-02-28 N/A 7.8 HIGH
A maliciously crafted DLL file can be forced to install onto a non-default location, and an attacker can overwrite parts of the product with malicious DLLs. These files may then have elevated privileges, leading to a Privilege Escalation vulnerability.
CVE-2023-0898 1 Ge 1 Micom S1 Agile 2024-02-28 N/A 7.3 HIGH
General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application.
CVE-2023-41782 1 Zte 2 Zxcloud Irai, Zxcloud Irai Firmware 2024-02-28 N/A 4.8 MEDIUM
There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI. An attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code.
CVE-2023-47454 1 Netease 1 Cloudmusic 2024-02-28 N/A 7.8 HIGH
An untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory.
CVE-2023-47113 2 Bleachbit, Microsoft 2 Bleachbit, Windows 2024-02-28 N/A 7.3 HIGH
BleachBit cleans files to free disk space and to maintain privacy. BleachBit for Windows up to version 4.4.2 is vulnerable to a DLL Hijacking vulnerability. By placing a DLL in the folder c:\DLLs, an attacker can run arbitrary code on every execution of BleachBit for Windows. This issue has been patched in version 4.5.0.
CVE-2023-4936 1 Synaptics 1 Displaylink Usb Graphics 2024-02-28 N/A 7.8 HIGH
It is possible to sideload a compromised DLL during the installation at elevated privilege.
CVE-2023-29151 1 Intel 1 Platform Service Record Software Development Kit 2024-02-28 N/A 7.8 HIGH
Uncontrolled search path element in some Intel(R) PSR SDK before version 1.0.0.20 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-45248 2 Acronis, Microsoft 2 Agent, Windows 2024-02-28 N/A 7.3 HIGH
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36497, Acronis Cyber Protect 16 (Windows) before build 37391.
CVE-2023-36853 1 Keysight 1 Geolocation Server 2024-02-28 N/A 7.8 HIGH
In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges.
CVE-2022-25864 1 Intel 1 Oneapi Math Kernel Library 2024-02-28 N/A 7.8 HIGH
Uncontrolled search path in some Intel(R) oneMKL software before version 2022.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-24016 2 Intel, Linux 2 Quartus Prime, Linux Kernel 2024-02-28 N/A 7.3 HIGH
Uncontrolled search path element in some Intel(R) Quartus(R) Prime Pro and Standard edition software for Linux may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-44220 1 Sonicwall 1 Netextender 2024-02-28 N/A 7.3 HIGH
SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Successful exploitation via a local attacker could result in command execution in the target system.
CVE-2023-41929 1 Samsung 1 Memory Card & Ufd Authentication 2024-02-28 N/A 7.3 HIGH
A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.)
CVE-2023-28405 1 Intel 1 Openvino 2024-02-28 N/A 7.8 HIGH
Uncontrolled search path in the Intel(R) Distribution of OpenVINO(TM) Toolkit before version 2022.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access.